class SessionsController < ApplicationController
  skip_before_action :verify_login
  layout false
  def new
  end

  def create
    if user = User.where(username: params[:username], password: Digest::MD5.hexdigest(params[:password])).first
      session[:username] = user.username
      session[:expired_at] = Time.now + 2.hour
      redirect_to posts_path, notice: '登录成功'
    else
      session[:username] = session[:expired_at] = nil
      redirect_to login_path, notice: '用户名或密码错误'
    end
  end

  def destroy

  end
end
